Jason Stelzer on 30 Dec 2008 13:22:08 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] migrating to AD user with Likewise Open

On Tue, Dec 30, 2008 at 2:07 PM, Mag Gam <magawake@gmail.com> wrote:
> To be on topic, I too have a very similar question
> Presently, at my company we use AD for all authentication and as an
> application developer my  biggest challenge is to integrate
> authentication into our apps. The authentication team simply does not
> answer or understand my question. Of course, there is a possibility I
> am asking it wrong :-)
> As an alternative, we created a database with usernames and passwords
> and all of our applications use this db. We are in our own
> island...which is not good IMO
> I am no expert in AD whatsoever, but if I know my username, password,
> and domain is there a library (C/C++/Java/Perl) I can use to test my
> authentication?

It's not quite that simple. AD is actually LDAP with some 'extra' stuff.

That said, we use AD as our single sign on backend for our
linux/windows/apps. The trick is knowing the ldap schema your
organization uses. Its very simple and standard to query it. We moved
away from pure ldap to a kerberos ticket system, but the fundamentals
remain the same. We just happen to use kerberos to do the auth and use
ldap to retrieve roles/groups.

You'll need to know your organization's DN (distinguished name), the
name of the AD box you want to connect to as well as a user/password
to bind (connect) with. I suppose you could just try the bind with the
username/password for a pass/fail type of auth. But if you want to
look up stuff like roles/groups, you'll have a little more work to do.
Once you're connected, you can lookup whatever public information you
want in the ldap directory.

LDAP can be a very daunting thing to learn, but if you take your time
it'll make sense and you'll get what you need.

You can also configure pam to use ldap for authentication under linux.
There are lots of howtos out there.
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug